Hyper-Converged Platform Security

With so much emphasis these days on flashy cloud applications, many of us tend to forget that the platforms on which XaaS offerings execute must continue to rely – obviously – on the usual combination of hardware and software. In addition to processors and operating systems, this also includes the support utilities, such as hypervisors, that connect these tangible entities together. Yes, too often, even expert security engineers ignore these underlying systems in their cyber safeguard planning. And this is a shame, because simple-to-use, converged solutions that actively build trust into the underlying compute infrastructure for mission-critical virtualized workloads are available and can produce superior security for vulnerable, critical, and exposed applications. Michael Beesley, CTO of Skyport Systems, sat down with me recently to explain the basis for Skyport’s platform and how its security-by-design contributes to a converged protection architecture for servers, storage, networking, virtualization, and other functional enterprise needs.

EA: I’ve heard you use the phrase ‘hyper-converged security’ in describing your platform. What do you mean by this?

MB: The concept of hyper-convergence involves cloud-managed systems that combine trusted hardware and software to support critical services and infrastructure. Everyone knows that a system is only as secure as its base, and we believe we provide the optimal support infrastructure for modern hybrid cloud services, and especially for systems that have the highest security requirements. Our SkySecure solution offers an easy-to-use, cloud-managed, virtualized infrastructure that hybrid enterprises can use for their most critical, vulnerable, and exposed on-premise workloads.

EA: What is the role of cloud in your platform?

MB: It is an essential component, which is why we always refer to our system as cloud-managed. To provide support for today’s cloud infrastructure with systems located across a continuum of public, private, and hybrid data centers, the flexibility of cloud allows system operators to evolve their architecture and systems operations without having to regress through management changes. The cloud-managed aspects of SkySecure facilitate a turnkey, easy-to-use, self-service infrastructure with a shared responsibility model between our customers and us. But cloud is not just central to our architecture, it is also central to the use of SkySecure for protecting the ever-increasing set of exposed workloads that are found within hybrid enterprise IT, something that traditional network-based security approaches are extremely challenged with.

EA: Are threats best mitigated through a combination of hardware and software controls?

MB: Yes, and this is most obvious for the most important workloads within an enterprise, whether that be a critical control system such as Active Directory, or a vulnerable workload running on a legacy operating system, or an exposed workload talking to the Internet and talking back to the core of the enterprise data center as part of a hybrid application. To properly secure these types of workloads, security teams need to ensure proper configuration, administration, and set-up for the underlying hardware base, firmware, hypervisor, and operating system as well as tight security controls and visibility around the application virtual machine. For these sensitive workloads, all threat vectors up and down the stack must be well covered. The Skyport team focuses on making sure its customers experience this coverage at every layer of the stack.

EA: Do you see CISOs focusing sufficiently on server security in this era of cloud virtualization?

MB: We see a growing number of CISOs demanding the type of hyper-converged protections for hardware and software that we offer at Skyport. This realizes itself in procurement plans, data center security architectures, requests for proposal, and enhanced compliance. This is ultimately a good idea, especially for high priority systems with critical consequences if hacked. As enterprise IT continues to adopt hybrid architecture, there are more and more exposed workloads on-premise. We see CISOs, security teams and infrastructure teams focus more and more on full stack protections for these new threat surfaces with an acknowledgment that the best approach is to run these workloads on converged infrastructure that has full stack security built in.

EA: Any predictions regarding converged security in the coming years?

MB: Obviously, we believe it will become a more important component of security architectures for hybrid cloud infrastructure and modern virtualized data centers. But one place where we expect to see the most intense growth involves security compliance. Demanding higher assurance platforms is both sensible and essential to ensure top-to-bottom protection for sensitive, high-priority, and critical servers.